Data is pouring into the healthcare industry at a lightning-fast pace: Wearables collect biometric information on people doing everyday chores or exercise; digital technologies such as health portals seek to connect patients and providers with easy access to health information; and predictive analytics is helping seniors live a better life in their golden years.
But in the healthcare field, data has always been under a different lens than in other industries, and for good reason. While these new sources of data hold tremendous potential, they should also be approached with great care from stakeholders across the health IT landscape, according to an expert from the Federal Trade Commission, speaking at the VMware-sponsored FedScoop Public Sector Innovation Summit in Arlington, Va., on Wednesday.
“There are tremendous benefits that can come from [health IT] technologies, but in order for people to really benefit, there has got to be trust in the system,” said Cora Han, the FTC’s senior attorney for the division of privacy and identity protection.
Here, we take a look at the top areas of opportunity — and concern — as access to data flourishes in the health field.
“There is a shift for consumers who are now increasingly either generating their own health data — or trying to manage it when it comes to them in the form of their records — and interact with them,” said Han, noting that new consumer-facing technologies are raising some fresh security concerns for users.
Security is a main point of apprehension in the healthcare community, particularly in light of the WannaCry ransomware attacks, which crippled healthcare organizations worldwide and, in some cases, forced providers to turn patients away.
Han flagged unauthorized access to patient information as the main area of trepidation, but a lack of security can also have physical implications.
“When we’re talking about connected medical devices, that [lack of security] potentially involves the risk of physical harm,” she said.
“With the tremendous volume of data being generated with all of the sensors, there is the potential of analysis of that data in ways that consumers might not necessarily realize,” said Han. There are tremendous benefits to that data in terms of the potential for Big Data analytics. But there are also concerns about what inferences people are able to make about that data.
— Juliet Van Wagenen (@Juliet_Tech) May 17, 2017
“For instance: Does your fitness reflect on your credit ratings?” asked Han.
As data access increases, there is also growing concern around patient privacy, and how information gathered from mobile health apps could be shared in ways that consumers may not normally expect.
“An example might be if you are using a health and fitness app,” said Han, noting that adoption of technologies like Fitbits is extremely high. “But you may not realize that the information you are sharing with the app may not be shared in the ways you could normally expect.”
She adds that depending on the app and how it generates revenue, information could be shared with marketers or data brokers.
“You might think ‘This is exactly how I’m providing my information to healthcare providers,’ but, in fact, there are a different set of rules that might apply.”
To get ahead of this, Han believes that companies must be urged to exhibit patience and build privacy and security into their apps from the start.
“The Internet of Medical Things is here now, so we need to be thinking about how we integrate a whole host of things into our infrastructure and how we protect those systems and data,” said Lauren Thompson, director of the DOD/VA Interagency Programs Office at the Defense Department.
With the IoMT at our doorsteps, part of ensuring data privacy and security going forward could be building in defense mechanisms from the start and throughout the entire value chain.
“We have created a healthcare delivery system based on implicit trust. Whether it’s EHR, a medical device, or any other component that’s used in the delivery of healthcare, it’s implicitly trusted … it’s technology agnostic. Doesn’t matter if it’s mobile or it’s IoT, if I’m getting a reading I implicitly trust that data input, but what does that say for security? How do I establish trustworthiness for that technology input so that it’s technology agnostic?” said Seth Carmody, cybersecurity project manager for the Food and Drug Administration.
While Carmody notes that the FDA has been working with medical suppliers to create an environment of implicit trust for new data sources, he would like to see security built into all health technology — ideally within the next three to five years.
“I’d like to see software that has been secured by design … and hardware secured by design that manufacturers can pull off the shelf, so they can build trusted systems that … have trustworthiness by design,” Carmody said.